Search results matching tags 'Tips', 'Security', 'Administration', and 'Best Practices'
http://sqlblog.com/search/SearchResults.aspx?o=DateDescending&tag=Tips,Security,Administration,Best+Practices&orTags=0

Backup those keys, citizen
http://sqlblog.com/blogs/buck_woody/archive/2010/04/20/backup-those-keys-citizen.aspx
Tue, 20 Apr 2010 12:14:50 GMT
BuckWoody

<p>Periodically I back up the keys within my servers and databases, and when I do, I blog a reminder here. This should be part of your standard backup rotation – the keys should be backed up often enough to have at hand and again when they change.</p>
<p>The first key you need to back up is the Service Master Key, which each Instance already has built-in. You do that with the <a href="http://msdn.microsoft.com/en-us/library/ms190337.aspx" target="_blank">BACKUP SERVICE MASTER KEY command, which you can read more about here</a>.</p>
<p>The second set of keys are the Database Master Keys, stored per database, if you’ve created one. You can back those up with the <a href="http://technet.microsoft.com/en-us/library/ms174387.aspx" target="_blank">BACKUP MASTER KEY command, which you can read more about here</a>.</p>
<p>Finally, you can use the keys to create certificates and other keys – those should also be backed up. <a href="http://msdn.microsoft.com/en-us/library/ms189586.aspx" target="_blank">Read more about those here</a>.</p>
<p>Anyway, the important part here is the backup. Make sure you keep those keys safe!</p>

Have you backed up your keys lately?
http://sqlblog.com/blogs/buck_woody/archive/2010/03/01/have-you-backed-up-your-keys-lately.aspx
Mon, 01 Mar 2010 14:06:04 GMT
BuckWoody

<p>Did you know that you already have a Server Master Key (SMK) generated for your system? 
That’s right – while a Database Master Key (DMK) is generated when you encrypt a certificate or Asymmetric Key with code, the Server Master Key is generated automatically when you start the Instance.</p>
<p>So you should back all of those keys up periodically, and then store that backup AWAY from the server itself.</p>
<p>There are two reasons for this – first, if the drives get stolen and you’re storing the key backup there, well, it should be obvious why that’s bad. Second, you want to protect the keys in case the system is destroyed or you can’t recover the drives. You will need those keys if you have encrypted anything in the database to get the data back.</p>
<p>More here: <a href="http://technet.microsoft.com/en-us/library/bb964742.aspx">http://technet.microsoft.com/en-us/library/bb964742.aspx</a></p>
<p>No, the standard Maintenance Wizards don’t get this data. And no, I haven’t seen it addressed in most of the maintenance scripts out there anyway – sometimes for good reason, but this means you need to take care of it manually, and then document where you put that backup.</p>